Title: Web Browsers vulnerable to the Extended HTML
Release Date: 06/02/2002
Internet Explorer 6 and older versions
Opera 6.0 and older versions
Allows stealing of cookies, penetration of internal
networks and other evil stuff.
Internet Explorer - Informed firstname.lastname@example.org
and worked with them to release a patch. Should
be out soon.
Opera - Worked with the Opera team. A fix is due
- Extended HTML Form Attack
Many web browsers such as Internet
Explorer allow forms to be submitted to non-HTTP
services. Some non-HTTP
services echo back the information sent, and the
web browser renders the echo as an HTML page,
of the protocol behind the service.
A malicious user can create a
form which is submitted by the victim (automatically
using Active Scripting
or manually using Social Engineering). This form
which in turn allow the malicious user to steal
the cookie for that domain.
There are more uses for this attack, other than
just stealing cookies.
demo at http://eyeonsecurity.org/advisories/extended-form-attack/demoes
The information within this document
may change without notice. Use of
this information constitutes acceptance for use
in an AS IS
condition. There are NO warranties with regard
to this information.
In no event shall the author be liable for any
arising out of or in connection with the use or
spread of this
information. Any use of this information lays
within the user's
Please send suggestions, updates,
and comments to:
Eye on Security
mail : email@example.com
web : http://www.eyeonsecurity.org